file-ssh-key-auth-disabled: SSH Key-Based Authentication - Disabled

日期: 2025-08-01 | 影响软件: file-ssh-key-auth-disabled | POC: 已公开

漏洞描述

SSH key-based authentication is disabled, allowing password-based logins, which increases the risk of brute-force attacks and unauthorized access.

PoC代码[已公开]

id: file-ssh-key-auth-disabled

info:
  name: SSH Key-Based Authentication - Disabled
  author: pussycat0x
  severity: unknown
  description: |
    SSH key-based authentication is disabled, allowing password-based logins, which increases the risk of brute-force attacks and unauthorized access.
  remediation: |
    Enable SSH key-based authentication by adding the public key to ~/.ssh/authorized_keys and disabling password authentication in /etc/ssh/sshd_config (PasswordAuthentication no).
  reference:
    - https://vishalraj82.medium.com/hardening-openssh-security-37f5d634015f
    - https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server
  metadata:
    verified: true
  tags: audit,config,file,ssh

file:
  - extensions:
      - all

    matchers:
      - type: word
        words:
          - "PasswordAuthentication yes"
# digest: 4a0a00473045022100b43f27c7d5657e32da83477f0570e82071941a304b3e85cd5bf69f363b018e6d02206f4ea207f22e9a085e59213202084b3e5b5d71ad5283e34bf28da0cd9a3ca8f6:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./file/audit/ssh/file-ssh-key-auth-required.yaml